Analysing Sony Ericsson K800i hex dump

On SEs it's usually a PDU (or a slightly bastardised version thereof!).

This page is always worth a look
http//www.dreamfabric.com/sms/

You could also refer back to the original standards which I think are in GSM 03.40 and.. one other which escapes me at the moment sorry!

Thanks for that info. I'd actually checked out the dreamfabric web site previously, in reference to a Nokia 6230. In that instance it didn't appear that the stored data matched the PDU standard, so I didn't even think to check it this time … doh! oops Will give it a check now and see if it starts to make some sense.

philh

Okay, so it does appear that the SE uses a variation of the PDU format for storing SMS messages - I can identify SMSC numbers etc. along with the SMS message text itself (stored as packed 7-bit ASCII).

I've identified a number of SMS messages for which there doesn't appear to be a recorded timestamp - does anyone have any ideas under what circumstances a timestamp wouldn't be recorded for a SMS message ? I'm fairly sure they're received messages because the SMSC number is stored (according to the PDU format).

philh

Okay, so it does appear that the SE uses a variation of the PDU format for storing SMS messages - I can identify SMSC numbers etc. along with the SMS message text itself (stored as packed 7-bit ASCII).

I've identified a number of SMS messages for which there doesn't appear to be a recorded timestamp - does anyone have any ideas under what circumstances a timestamp wouldn't be recorded for a SMS message ? I'm fairly sure they're received messages because the SMSC number is stored (according to the PDU format).

philh

Phil,

I think you will more likely find that if there is no date/time that the message is actually outgoing. It is not uncommon to see a SMSC stored with an outgoing PDU.

It may make your life easier to identify some incoming and outgoing known data from the handset first. Locate this in the hex dump and ascertain if there are any continuous markers which appear before the SMSC data which may be showing the type of message, i.e. incoming or outgoing. I have worked on dumps from a number of SEs and often found a type marker preceding the SMSC data.

Also, be aware that you may find multiple versions of messages which occur when blocks of data have been moved around the memory during operation of the handset this can happen either with different markers, when for example the status has changed from read to unread or often also with the same marker.

Regards,

Colin

Phil,

I think you will more likely find that if there is no date/time that the message is actually outgoing. It is not uncommon to see a SMSC stored with an outgoing PDU.

Ah I did wonder if that might be the case, although the PDU format indicates that SMSC is only stored for incoming messages. I'll have a look at the message content and see if that indicates whether the messages have been sent - unfortunately I've only got the hex dump to work from, and not the original phone, so I'm unable to view the messages and see if they're sent or received.

Locate this in the hex dump and ascertain if there are any continuous markers which appear before the SMSC data which may be showing the type of message, i.e. incoming or outgoing. I have worked on dumps from a number of SEs and often found a type marker preceding the SMSC data.

I've noticed the hex pattern "0x01 0x??" occurs consistently prior to the usual "0x07 0x91" SMSC identifier. The "0x??" byte appears to take the values "0x00", "0x01", or "0x02" - I did wonder if this might indicate the status of the message (read/sent/etc.).

Thanks for the help Colin, I'll keep digging and see what I can find )

philh